Overview

File perl-Convert-ASN1-CVE-2013-7488.patch of Package perl-Convert-ASN1.17746

From ce148a2e0872b708450005cf0b3a944014aae990 Mon Sep 17 00:00:00 2001
From: Dana Jacobsen <dana@acm.org>
Date: Tue, 29 Oct 2013 08:37:48 -0700
Subject: [PATCH 1/2] Fix unsafe decoding in indef case

---
 lib/Convert/ASN1/_decode.pm | 1 +
 1 file changed, 1 insertion(+)

Index: Convert-ASN1-0.27/lib/Convert/ASN1/_decode.pm
===================================================================
--- Convert-ASN1-0.27.orig/lib/Convert/ASN1/_decode.pm
+++ Convert-ASN1-0.27/lib/Convert/ASN1/_decode.pm
@@ -683,14 +683,16 @@ sub _scan_indef {
       $pos += 2;
       next;
     }
+    return if $pos >= $end;
 
     my $tag = substr($_[0], $pos++, 1);
 
     if((unpack("C",$tag) & 0x1f) == 0x1f) {
       my $b;
       do {
-	$tag .= substr($_[0],$pos++,1);
-	$b = ord substr($tag,-1);
+        return if $pos >= $end;
+        $tag .= substr($_[0],$pos++,1);
+        $b = ord substr($tag,-1);
       } while($b & 0x80);
     }
     return if $pos >= $end;
openSUSE Build Service is sponsored by
Places